FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ea893f06-5a92-11e5-98c0-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested. The login name could then be automatically added to groups based on the group's regular expression setting.


Discovery 2015-09-10
Entry 2015-09-14
bugzilla44
< 4.4.10

bugzilla50
< 5.0.1

CVE-2015-4499
https://bugzilla.mozilla.org/show_bug.cgi?id=1202447
22283b8c-13c5-11e8-a861-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.


Discovery 2018-02-16
Entry 2018-02-16
bugzilla44
< 4.4.13

bugzilla50
< 5.0.4

CVE-2018-5123
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400
036d6c38-1c5b-11e6-b9e0-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs.


Discovery 2016-03-03
Entry 2016-05-17
bugzilla44
< 4.4.12

bugzilla50
< 5.0.3

CVE-2016-2803
https://bugzilla.mozilla.org/show_bug.cgi?id=1253263
54075861-a95a-11e5-8b40-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack.

If an external HTML page contains a